Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Pinecone launched the pledge pool of protocol token PCT at 09:00 UTC on August 18, 2021, and was attacked at 11:41:19 AM UTC. When the Pinecone PCT pledge pool went online, the front-end was processed to limit illegal operations, but the hacker bypassed the front-end page during the attack and directly called the smart contract through the ordinary account, depositing PCT tokens greater than the amount of the account balance, and the PCT pool was wrong. Records the number of user deposits. When withdrawing, you can extract more PCT tokens. After discovering that the currency price had plunged, the project party immediately terminated the call of the smart contract. The current loss of the number of PCTs: about 3.53 million. Attack method (per SlowMist): Compatibility Issue. Reported loss: 3,530,000 PCT.
- chain
- —
- protocol
- Pinecone Finance
- bug_class
- logic
- date_occurred
- 2021-08-19
- loss_usd
- —
- source_id
- sm:pinecone-finance::2021-08-19